b"        \xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0\n\xc2\xa0           \xc2\xa0   \xc2\xa0   \xc2\xa0   \xc2\xa0   \xc2\xa0   \xc2\xa0\n\xc2\xa0                                   The Center for Folklife\n\xc2\xa0\n\xc2\xa0                                   and Cultural Heritage\n                                    Needs to Improve Its\n\xc2\xa0\n\xc2\xa0\n\n                                    Financial Management\n\xc2\xa0\n\xc2\xa0\xc2\xa0\xc2\xa0\xc2\xa0\xc2\xa0\n\xc2\xa0\n\xc2\xa0                                   Operations\n\n\n\n\n                                    Office of the Inspector General\n\n                                    Accounting Information Systems\n                                     at the Center for Folklife and\n                                     Cultural Heritage, Report Number\n                                     A-11-09\n                                    September 28, 2012\n\x0c         Smithsonian Institution\n         Office of the Inspector General\n\n\n                                The Center for Folklife and Cultural Heritage\nIn Brief                        Needs to Improve Its Financial Management\n                                Operations, A-11-09, September 28, 2012\n                                                                                                        \xef\x80\xa0\xef\x80\xa0\xef\x80\xa0\n\nWhy We Did This Audit           What We Found\n\nWe conducted this audit to      We found that the Center for Folklife and Cultural Heritage\nassess whether the              (CFCH) needs to increase oversight of the accounting\naccounting information          information system that Smithsonian Folkways Recordings\nsystems (1) reconcile to        (Folkways) uses to capture sales, inventory, accounts receivable\nthe Smithsonian\xe2\x80\x99s               data, and other financial information. We also determined that\nEnterprise Resource             CFCH needs to improve management of the Festival Marketplace\nPlanning system, (2)            point of sale system, which is used to manage Festival\nprovide management an           Marketplace operations. In addition, we found that CFCH needs\naccurate view of Center for     to improve segregation of duties and cross-train staff to perform\nFolklife and Cultural           key financial tasks.\nHeritage\xe2\x80\x99s (CFCH) business\nactivities, and (3) can be      CFCH\xe2\x80\x99s ability to make sound business decisions is impaired\nimproved to increase            because the inventory and accounts receivable records are\nefficiencies.                   inaccurate. In addition, because information from these\n                                subsidiary ledgers is transferred to the Enterprise Resource\nBackground                      Planning (ERP) system, the Smithsonian\xe2\x80\x99s official accounting\n                                records, specifically inventory and accounts receivable, are also\nCFCH is a research and          inaccurate.\neducational unit of the\nSmithsonian Institution         What We Recommended\ndedicated to promoting the\nunderstanding and               We made eight recommendations intended to ensure that\ncontinuity of diverse,          Folkways\xe2\x80\x99 accounting records reconcile to ERP and to provide\ncontemporary grassroots         management an accurate view of its profitability.\ncultures in the United\nStates and around the           We made four recommendations directed at improving internal\nworld. CFCH\xe2\x80\x99s primary           controls over Festival Marketplace activities.\nactivities are the\nSmithsonian Folklife            Lastly, we made five recommendations to improve management\nFestival (Festival) and         over financial activities, as well as to strengthen CFCH\xe2\x80\x99s user\nSmithsonian Folkways            access controls over systems that accept payment cards.\nRecordings (Folkways).\nThe Festival is an annual       Management concurred with our findings and recommendations\nevent held outdoors on the      and has proposed or taken corrective actions that will address\nNational Mall. Folkways         the recommendations. Based on corrective actions taken by\nhas a collection of over        management, we closed five recommendations as of the date of\n43,000 recordings that are      this report.\navailable for purchase. To\nmanage these activities,\nCFCH utilizes various\naccounting information           For additional information or a copy of the full report, contact the\n                                 Office of the Inspector General at (202) 633-7050 or visit\nsystems for its operations.\n                                 http://www.si.edu/oig.\n\x0co          Smithsonian Institution \t\n\n           Office of the Inspector General\n                                                                                      Memo\n\n\n\n  Date     September 28, 2012\n\n    To \t   Daniel Sheehy, Director, Center for Folklife and Cultural Heritage \n\n           Andrew Zino, Comptroller \n\n           Deron Burba, Chief Information Officer \n\n\n    cc \t Albert Horvath , Under Secretary for Finance and Administration/\n           Chief Financial Officer\n         Richard Kurin, Under Secretary for History, Art, and Culture\n         Patricia Bartlett, Chief of Staff, Office of the Secretary\n         Judith Leonard, General Counsel\n         John Clark, Budget Analyst, Office of Planning, Management and\n           Budget\n         Stone Kelly, Program and Budget Analyst, Office of Planning,\n           Management and Budget\n\n From      Scott S. Dahl, Inspector General   ~\nSubject \t The Center for Folklife and Cultural Heritage Needs to Improve Its Financial\n          Management Operations, A-U-09\n\n           Attached please find a copy of our final report titled The Center for Folklife\n           and Cultural Heritage Needs to Improve Its Financial Management\n           Operations.\n\n           We made eight recommendations to ensure that the Smithsonian Folkways\n           Recordings ' accounting records reconcile to the Enterprise Resource Planning\n           system and to provide management an accurate view of its profitability . We\n           made four recommendations directed at improving internal controls over\n           Festival Marketplace activities. Lastly, we made five recommendations to\n           improve management over financial activities, as well as to strengthen the\n           Center for Folklife and Cultural Heritage's user access controls over systems\n           that accept payment cards. Management concurred with our findings and\n           recommendations and has proposed or taken corrective actions that will\n           address the recommendations.\n\n           We appreciate the courtesy and cooperation of the staff of the Center for\n           Folklife and Cultural Heritage and the Office of the Comptroller during this\n           audit.\n\n           Please call Michael Sinko, Assistant Inspector General for Audits, or Joan\n           Mockeridge, Supervisory Auditor, on 202 .633 .7050 if you have any\n           questions.\n\n\n           MRCS24\n           PO Box370 12 \n\n           Washingto n DC 20013\xc2\xb707 12 \n\n           202 .633.7050 Telepho ne \n\n           202 .633\xc2\xb7 7079 Fax \n\n\x0cSMITHSONIAN INSTITUTION                             OFFICE OF THE INSPECTOR GENERAL\n\n\nINTRODUCTION\n\nThis report presents the results of our audit of accounting information systems at\nthe Center for Folklife and Cultural Heritage (CFCH). Our objectives were to assess\nwhether the accounting information systems (1) reconcile to the Smithsonian\xe2\x80\x99s\nEnterprise Resource Planning (ERP) System, (2) provide management an accurate\nview of CFCH\xe2\x80\x99s business activities, and (3) can be improved to increase efficiencies.\nWe describe in detail our audit scope and methodology in Appendix A.\n\nCFCH\xe2\x80\x99s primary activities are the Smithsonian Folklife Festival (Festival) and\nSmithsonian Folkways Recordings (Folkways). The Festival is an annual event held\noutdoors on the National Mall. Folkways manages a collection of over 43,000\nrecordings that are available for purchase. To manage these activities, CFCH utilizes\nvarious accounting information systems for its Festival and Folkways operations.\nThis audit focused on the following systems:\n\n   \xef\x82\xb7   Participant Tracking System \xe2\x80\x93 tracks Festival participants\xe2\x80\x99 travel,\n       honorarium, and miscellaneous expenses.\n   \xef\x82\xb7   Marketplace Point-of-Sale System (POS) \xe2\x80\x93 tracks inventories, assigns bar\n       codes, tracks sales, and creates vendor invoices at the annual Festival.\n   \xef\x82\xb7   NetSuite \xe2\x80\x93 financial system Folkways uses to manage its record label.\n   \xef\x82\xb7   Record Maestro \xe2\x80\x93 contains royaltor payment information.\n\nRESULTS IN BRIEF\n\nWe found that the Center for Folklife and Cultural Heritage (CFCH) needs to\nincrease oversight of the accounting information system that Smithsonian Folkways\nRecordings (Folkways) uses to capture sales, inventory, accounts receivable data,\nand other financial information. Specifically we found that:\n\n   \xef\x82\xb7   CFCH was not effectively maintaining subsidiary records for Folkways.\n   \xef\x82\xb7   Folkways\xe2\x80\x99 inventory management and accounts receivable, does not reconcile\n       to ERP. For example, we identified a variance of approximately $349,000\n       between Folkways\xe2\x80\x99 and the Smithsonian\xe2\x80\x99s ERP inventory records.\n   \xef\x82\xb7   Neither Folkways nor the Office of the Comptroller (OC) could resolve a\n       difference of $127,000 between Folkways\xe2\x80\x99 accounts receivable records and\n       ERP.\n\nCFCH\xe2\x80\x99s ability to make sound business decisions is impaired because the inventory\nand accounts receivable records are inaccurate. In addition, because information\nfrom these subsidiary ledgers is transferred to ERP, the Smithsonian\xe2\x80\x99s official\naccounting records, specifically inventory and accounts receivable, are also\ninaccurate.\n\nWe also determined that CFCH needs to improve management of the Festival\nMarketplace POS system, which is used to manage Marketplace operations. For\nexample:\n\x0cSMITHSONIAN INSTITUTION                            OFFICE OF THE INSPECTOR GENERAL\n\n\n   \xef\x82\xb7   CFCH needs to increase oversight of the Festival\xe2\x80\x99s POS system, as it relates\n       to vendor payments, recording of inventory, and daily deposit of Marketplace\n       cash proceeds.\n   \xef\x82\xb7   CFCH was not following Smithsonian password policies to access the POS\n       system.\n\nLastly, we found that CFCH needs to improve segregation of duties and cross-train\nstaff to perform key financial tasks.\n\nWe made eight recommendations intended to ensure that Folkways\xe2\x80\x99 accounting\nrecords reconcile to ERP and to provide management an accurate view of its\nprofitability. Implementing these recommendations will improve the accuracy and\nmanagement of inventory and accounts receivable records.\n\nWe made four recommendations directed at improving internal controls over\nFestival Marketplace activities. Once implemented, these recommendations will help\nensure improved controls over the Marketplace inventory and daily cash deposits.\n\nLastly, we made five recommendations to improve management over financial\nactivities, as well as to strengthen CFCH\xe2\x80\x99s user access controls over systems that\naccept payment cards.\n\nManagement concurred with our findings and recommendations and has proposed\nor taken corrective actions that will address the recommendations. Based on\ncorrective actions already taken by management, we closed five recommendations\nas of the date of this report. Please refer to Appendix B for management\xe2\x80\x99s complete\nresponse. Please refer to Appendix C for a Schedule of Recommendation\nCompletion Dates.\n\nBACKGROUND\n\nCFCH is a research and educational unit of the Smithsonian Institution dedicated to\npromoting the understanding and continuity of diverse, contemporary grassroots\ncultures in the United States and around the world. CFCH\xe2\x80\x99s primary activities are\nthe Festival and Smithsonian Folkways Recordings. CFCH produces exhibitions,\ndocumentary films and videos, symposia, publications, and educational materials.\nCFCH also conducts ethnographic and cultural heritage policy oriented research,\nmaintains the Ralph Rinzler Folklife Archives and Collections, and provides\neducational and research opportunities through fellowships, internships, and\ntraining programs. CFCH\xe2\x80\x99s activities are funded by:\n\n   \xef\x82\xb7   federal appropriations;\n   \xef\x82\xb7   Smithsonian trust funds;\n   \xef\x82\xb7   contracts and agreements with national, state, and local governments;\n   \xef\x82\xb7   foundation grants;\n   \xef\x82\xb7   gifts from individuals and corporations;\n   \xef\x82\xb7   income from the Festival; and\n   \xef\x82\xb7   Folkways product sales.\n\n\n                                         2\n\x0cSMITHSONIAN INSTITUTION                                   OFFICE OF THE INSPECTOR GENERAL\n\n\nThe Smithsonian Folklife Festival\n\nThe Festival is an annual event held outdoors on\nthe National Mall. CFCH has been producing the\nfestival since 1967. CFCH invites musicians,\nartists, performers, craftspeople, workers, cooks,\nstorytellers, and others to the National Mall to\ndisplay their talents in a venue that is free to the\npublic. Each year, Festival organizers diversify the\nprograms by featuring a nation, region, and state\nor theme. Since its inception, the Festival has\nfeatured programs from more than 90 countries.\nThe Festival supports funding for CFCH through\nvarious profit generating activities such as\nMarketplace sales of vendor crafts and food\nconcessions that are related to the particular year\xe2\x80\x99s   The Smithsonian Folklife Festival is an\nprograms. In 2011, the Festival grossed                 annual two week event on the National\n                                                        Mall.\napproximately $590,000 in revenue from\nMarketplace and concession sales. After paying Festival related expenses, such as\ncost of goods sold and salaries, the Festival netted approximately $137,000. These\nfunds are used to support CFCH\xe2\x80\x99s department and programs.\n\nThe Smithsonian Folkways Recordings\n\n                                            In 1987, the Smithsonian acquired the Folkways\n                                            Records & Service Company, which was founded\n                                            in 1948 by Moses Asch, to ensure that the\n                                            collection of approximately 2,200 folk albums\n                                            would be available to future generations. The\n                                            collection includes traditional, ethnic, and\n                                            contemporary music from around the world;\n                                            poetry, spoken word, and instructional recordings\n                                            in numerous languages; and documentary\n                                            recordings of individuals, communities, current\n                                            events, and natural sounds. This collection has\n                                            grown to include over 43,000 individual\n                                            recordings that are sold primarily as compact\n  In 2012, Folkways Recordings will release discs or digital downloads. Folkways distributes\n  Woody at 100: The Woody Guthrie\n  Centennial Collection, a commemorative    music through its website, mail order catalogue,\n  collection of his work.                   and third parties such as iTunes and eMusic. In\n2011, Folkways generated approximately $3,600,000 in gross revenue.\n\nIn 2009, CFCH signed a Memorandum of Understanding (MOU) to share half of\nFolkways\xe2\x80\x99 first $200,000 of annual net gains or losses with the Central Trust Fund.\nThe Central Trust Fund received approximately $100,000 in fiscal year 2011 and\n$57,000 in fiscal year 2010.\n\n\n\n\n                                               3\n\x0cSMITHSONIAN INSTITUTION                                     OFFICE OF THE INSPECTOR GENERAL\n\n\nCFCH Accounting Information Systems\n\nCFCH uses the following four accounting information systems to manage its\nfinancial operations. CFCH and OC staff manually enter some financial information\nfrom these subsidiary systems into the ERP Financials system, the Smithsonian\xe2\x80\x99s\nofficial accounting records.\n\n    Folklife Festival Accounting Information Systems\n\n       Participant Tracking System \xe2\x80\x93 Folklife Festival staff (Folklife) use this Access-\n       based system to track Festival participants. Folklife staff also use the system\n       to generate purchase orders and payment vouchers for the Festival\n       participants\xe2\x80\x99 travel, honorarium, and miscellaneous expenses.\n\n       Marketplace Point-of-Sale System (POS) \xe2\x80\x93 Festival Marketplace staff use the\n       POS system to record inventories, assign bar codes, track sales, and create\n       vendor invoices at the annual Festival. The vendor invoices are used to pay\n       merchants whose products are sold at the Festival Marketplace.\n\n    Folkways\xe2\x80\x99 Accounting Information Systems\n\n       NetSuite \xe2\x80\x93 Folkways staff use this web-based financial system to capture\n       sales and inventory data for music merchandise and digital recordings sold\n       through the Folkways website and the mail order catalogue. Staff also use\n       NetSuite to record accounts receivable, royalty payments, and other financial\n       data.\n\n       Record Maestro \xe2\x80\x93 Record Maestro is a royalty payment management system.\n       Folkways staff use the Record Maestro system to calculate royalty payments\n       owed to artist royaltors1 and mechanical licensees.2 Folkways staff enter the\n       royaltors and licensees into the Record Maestro system based on their\n       agreements. To make royalty payments, Folkways uploads sales data from\n       NetSuite and third parties such as iTunes and eMusic. Based on the uploaded\n       sales data, the Record Maestro system calculates the royalties owed to artist\n       royaltors and mechanical licensees.\n\n    Smithsonian\xe2\x80\x99s Official Accounting Records\n\n       ERP \xe2\x80\x93 The ERP system contains financial management data used by the\n       Smithsonian. Financial management consists of the following: asset and\n       liability management, reporting, budget and finance, accounting, payments,\n       and collections and receivables, in accordance with applicable federal\n       standards.\n\n1\n  Artist royaltors are recording artists, compilers, producers, as well as companies that licensed\nmaster recordings to Folkways. Royalties are determined by contracts with Folkways.\n2\n  Mechanical licensees are music publishers or composers who own the copyrights in musical\ncompositions embodied in sound recordings. Mechanical royalties are based on statutory rates set by\nCongress.\n\n                                                 4\n\x0cSMITHSONIAN INSTITUTION                             OFFICE OF THE INSPECTOR GENERAL\n\n\nFinancial Management Roles and Responsibilities\n\nFolkways \xe2\x80\x93 Folkways staff are responsible for direct supervision of all aspects of\nFolkways\xe2\x80\x99 financial operations including inventory management, accounts\nreceivable, and royalty payments. In addition, they have the primary responsibility\nto perform the monthly reconciliation of accounts receivable.\n\nFolklife \xe2\x80\x93 Folklife staff are responsible for the planning and the management of the\nFestival. Specifically, they monitor the Festival concessionaires and administer the\nMarketplace. Folklife staff are authorized to make direct payments to Festival\nparticipants.\n\nOffice of the Comptroller (OC) \xe2\x80\x93 OC staff are responsible for maintaining the official\nbooks and accounts of the Smithsonian. In addition, it provides technical guidance\nof activity accounting to assure the validity of accounts and reports. OC\xe2\x80\x99s Financial\nAnalysis and Reporting Division is responsible for verifying that the monthly\naccounts receivable reconciliation is performed by the appropriate party.\n\nOffice of the Chief Information Officer (OCIO) \xe2\x80\x93 OCIO staff are responsible for\neducating the Smithsonian community about data security responsibilities and\nassisting units with implementing data security standards, as they relate to\naccounting information systems. In addition, OCIO co-chairs the Payment Card\nIndustry (PCI) Working Group to coordinate Smithsonian payment card compliance\nactivities.\n\nSmithsonian Policies and Procedures\n\nSmithsonian Directive (SD) 301 Financial Management Accounting Practices and\nProcedures communicates the Smithsonian\xe2\x80\x99s accounting policies and procedures.\nThe directive is supported by the Financial Management Accounting Policies and\nProcedures Handbook which includes the Smithsonian\xe2\x80\x99s accounts receivable and\nbookkeeping policies.\n\nSD 313 Smithsonian Auxiliary Activities Handbook describes accounting policies and\nprocedures such as inventory control and cash management for Smithsonian\nauxiliary activities.\n\nSD 309 Merchant Accounts, Payment Cards, and the Payment Card Industry Data\nSecurity Standard outlines various responsibilities regarding PCI compliance for\nunits that accept payment cards for products, services, or donations.\nThis directive is supported by the Payment Card Handbook which outlines\nprocedures that units must follow to accept payment card transactions.\n\nSD 931 Use of Computers, Telecommunications Devices and Networks outlines\npolicies for all users of Smithsonian computers, telecommunications devices, and\nnetworks, including all hardware connected to Smithsonian computers and\nnetworks.\n\n\n                                          5\n\x0cSMITHSONIAN INSTITUTION                             OFFICE OF THE INSPECTOR GENERAL\n\n\nSD 310 Financial Reporting and Risk Management Internal Controls outlines policies\nand procedures for establishing, documenting, assessing, and reporting on the\nfinancial management internal controls that are critical for safeguarding\nSmithsonian assets.\n\nRESULTS OF AUDIT\n\nIn reviewing CFCH\xe2\x80\x99s accounting information systems, we found that CFCH was not\neffectively maintaining reliable subsidiary records for Folkways. In addition, we\ndetermined that CFCH could improve oversight of its Festival Marketplace activities,\nsuch as ensuring daily deposits of cash and that all vendor products are entered\ninto the POS system prior to sale. We also determined that CFCH could improve\nsegregation of duties and succession planning for its key financial personnel. Lastly,\nwe determined that CFCH should strengthen user access controls over systems that\naccept payment cards.\n\nThe Folkways Profit and Loss Statement is Not Reliable\n\nCFCH needs to improve oversight of the financial management of its Folkways\xe2\x80\x99\noperations. During the course of our audit, we determined that neither Folkways\xe2\x80\x99\ninventory nor its accounts receivable records were accurate. As a result, Folkways\xe2\x80\x99\nprofit and loss statement generated from ERP is not an accurate representation of\nFolkways\xe2\x80\x99 profitability. During the course of our audit, CFCH hired a firm that has\naccounting experience with independent record labels. This firm has been working\nwith CFCH and OC to address the inventory and accounts receivable valuations.\n\nInventory\n\nFolkways needs to improve management of its inventory records that are\nmaintained in NetSuite, a web-based accounting information system. As of\nSeptember 30, 2011, ERP reported inventory at approximately $911,000, while\nNetSuite reported inventory at approximately $562,000, a variance of $349,000.\nWe found specific instances where inventory balances differed between NetSuite\nand ERP. For example, as of September 30, 2011, ERP showed a negative balance\nof approximately $400 for shirts, while NetSuite had a positive balance of\napproximately $4,300. In addition, Folkways staff cannot support the unit costs in\nNetSuite, which are the costs incurred to produce one unit of a product. Therefore,\nFolkways\xe2\x80\x99 inventory values in ERP and NetSuite are not reliable.\n\nAccording to staff job descriptions, Folkways senior management is responsible for\ndirect supervision of all aspects of financial operations including inventory\nmanagement. The Financial Management Accounting Policies and Procedures\nHandbook, referenced in SD 301, assigns OC the responsibility to maintain the\nofficial books and accounts of the Smithsonian, as well as to provide technical\nsupervision of activity accounting to assure the validity of accounts and reports.\nThe inventory inaccuracies are the result of several causes:\n\n\n\n                                          6\n\x0cSMITHSONIAN INSTITUTION                                      OFFICE OF THE INSPECTOR GENERAL\n\n\n    \xef\x82\xb7   Folkways accounts for finished products as separate components, such as\n        compact discs (CD), printed material, and cases. However, Folkways is not\n        accounting for all of the cost of goods sold expenses because it does not\n        expense all of the products\xe2\x80\x99 components when it sells inventory. For\n        example, it did not properly expense promotional materials.\n\n    \xef\x82\xb7   During the course of our audit, Folkways could not support the unit costs for\n        a test sample of products selected by OC. Folkways was unable to support\n        unit costs because it did not properly include freight in the calculation. The\n        lack of electronic integration between the distributor\xe2\x80\x99s sale system and\n        NetSuite also contributed to management\xe2\x80\x99s difficulty when calculating unit\n        costs. The lack of integration required Folkways staff to manually enter sales\n        data from the distributor into NetSuite. However, Folkways had not\n        consistently entered the sales data into NetSuite. This affected the product\n        counts used to calculate the average cost of a unit.3 During the course of our\n        audit, Folkways took steps to integrate data from the distributor into\n        NetSuite.\n\n    \xef\x82\xb7   Folkways produces a report that projects the number of years it will take to\n        sell CDs on hand, based on historical sales data. However, it lacks a written\n        policy that defines aging thresholds used to write-off inventory. Folkways\n        management stated it would be reasonable to have up to ten years of CDs on\n        hand, but its most recent report projects that it would take more than ten\n        years, and in some cases up to fifty years, to sell many of its CDs.\n\nWithout reliable inventory records, the potential effect is that Folkways may\nmisstate its profitability. Unreliable records increase the risk that Folkways will not\nhave accurate financial information necessary to make sound business decisions.\nFor example, unreliable profitability data has a potentially negative effect on\nFolkways\xe2\x80\x99 decisions regarding the number of new recordings to produce and staffing\ndecisions.\n\nIn addition, OC generates Folkways\xe2\x80\x99 profit and loss statement from the data in ERP.\nCFCH transfers a share of its profits, as outlined in the 2009 MOU, based on\nFolkways\xe2\x80\x99 profit and loss statement. Because this data is unreliable, the amount\ntransferred to the Central Trust Fund may not have been correct.\n\nSmithsonian management informed us that they have suspended the MOU until\nthey can determine that the data captured in Folkways\xe2\x80\x99 profit and loss statement is\nreliable.\n\nAccounts Receivable\n\nFolkways needs to improve management of accounts receivable for mail order sales\nto distributors and educational institutions. We found that Folkways\xe2\x80\x99 accounts\n\n3\n The average unit cost is obtained by dividing the total number of units produced by the production\ncost.\n\n                                                  7\n\x0cSMITHSONIAN INSTITUTION                             OFFICE OF THE INSPECTOR GENERAL\n\n\nreceivable does not reconcile to ERP. In June 2011, OC reported an unexplained\naccounts receivable variance of approximately $54,000 between NetSuite and ERP\naccounting records. As of September 30, 2011, this variance had grown to\napproximately $127,000. Neither Folkways nor OC have been able to resolve the\ndifference. Based on our review of the accounting records, we determined that the\nbalances in both the NetSuite subsidiary ledger and the ERP general ledger are\ninaccurate. See Table 1.\n\n\n\n      Table 1 - Variance Between ERP and NetSuite Accounts Receivable Balances\n\n\n        $140,000\xc2\xa0\n                                                                $127,000\xc2\xa0\n                                                  $121,000\xc2\xa0\n        $120,000\xc2\xa0\n                                    $108,000\xc2\xa0\n        $100,000\xc2\xa0\n\n         $80,000\xc2\xa0\n\n         $60,000\xc2\xa0     $54,000\n\n         $40,000\xc2\xa0\n                       Jun\xe2\x80\x9011        Jul\xe2\x80\x9011        Aug\xe2\x80\x9011        Sep\xe2\x80\x9011\n\n\n\n\nWe also found that the NetSuite accounts receivable aging summary report included\nFolkways\xe2\x80\x99 customers with credit or uncollectible balances. According to the NetSuite\nreport, as of January 2012, more than 30% of accounts receivable were 90 or more\ndays past due. Because the information in NetSuite is unreliable, we could not\nconfirm the accuracy of the aging summary report.\n\nSD 301 Financial Management Accounting Policies and Procedures Handbook states\nthat Smithsonian unit directors are responsible for the effective management of\naccounts receivable including reviewing outstanding accounts receivable balances\nfor uncollectible accounts.\n\nIn addition, CFCH has the primary responsibility to perform the monthly\nreconciliation, or ensure the monthly reconciliation is performed in coordination\nwith its OC liaison. OC\xe2\x80\x99s Financial Analysis and Reporting Division is responsible for\nverifying that the monthly accounts receivable reconciliation is performed by the\nappropriate party. The units are required to have written policies regarding how\nthey extend credit and procedures to conduct timely and systematic follow-up\ncollection efforts on unpaid accounts after 30 days.\n\n\n                                              8\n\x0cSMITHSONIAN INSTITUTION                             OFFICE OF THE INSPECTOR GENERAL\n\n\nThe accounts receivable inaccuracies are the result of several factors:\n\n   \xef\x82\xb7   Folkways staff acknowledged that the NetSuite subsidiary ledger had not\n       always been updated to reflect payments received. The unit\xe2\x80\x99s focus had been\n       on providing accounts receivable payment information to OC to post to the\n       official Smithsonian accounting records.\n\n   \xef\x82\xb7   Folkways staff submit cash receipts vouchers (CRV) to OC\xe2\x80\x99s Cash\n       Management Office to record payments. According to OC, CRVs have been\n       prepared incorrectly, resulting in the Cash Management Office posting\n       payments to the wrong accounts, including accounts that were reportedly\n       closed. In recent months, an OC liaison accountant has been able to identify\n       and bring some of the incorrect entries to Folkways\xe2\x80\x99 attention.\n\n   \xef\x82\xb7   Folkways staff responsible for collecting payments may not have accurate\n       information on delinquent accounts because accounts receivable data in the\n       NetSuite subsidiary ledger is not reliable.\n\n   \xef\x82\xb7   Although Folkways has a policy covering accounts receivable collections in its\n       Folkways Mail Order Manual, this policy does not include written instructions\n       as to when Folkways should write-off uncollectible accounts. In addition, this\n       policy has not been submitted to OC as required by Smithsonian policies.\n\nFolkways provides documentation to OC to support the ERP accounts receivable\nbalance. Because the NetSuite subsidiary ledger is inaccurate, information\ntransferred to ERP is unreliable, and the potential effect is that ERP may misstate\nFolkways\xe2\x80\x99 profit and loss statement. As with its inventory records, Folkways may\nerroneously make business decisions based on unreliable financial information.\n\nRecommendations\n\nWe made the following recommendations to ensure that Folkways\xe2\x80\x99 accounting\nrecords reconcile to ERP and to provide management an accurate view of its\nprofitability.\n\nTo improve the accuracy of the inventory value and the ability of Folkways staff to\naccurately account for it, we recommend that the Comptroller:\n\n   1. Provide technical assistance to the Director of CFCH to determine the\n      appropriate application of the average cost method used to value Folkways\xe2\x80\x99\n      inventory.\n\n\n\n\n                                          9\n\x0cSMITHSONIAN INSTITUTION                            OFFICE OF THE INSPECTOR GENERAL\n\n\nTo improve oversight of the Folkways inventory, we recommend that the Director of\nCFCH:\n\n   2. Develop and implement policies and procedures for the selected application\n      of the inventory method. These policies and procedures should include aging\n      thresholds used to write-off inventory. Ensure that staff receive proper\n      training regarding the inventory method selected.\n\n   3. Review and research current inventory documentation to identify actual\n      account balances. If necessary, rebuild the accounts to accurately reflect\n      assets.\n\n   4. Revise staff performance plans to include requirements to ensure accuracy of\n      prepared financial information.\n\nTo improve oversight of the Folkways accounts receivable, we recommend that the\nDirector of CFCH:\n\n   5. Review and research NetSuite accounts receivable to identify the actual\n      account balances. If necessary, rebuild the accounts to accurately reflect\n      assets.\n\n   6. Revise the Folkways Mail Order Manual to include policies that identify aging\n      thresholds used to write-off accounts receivable. Submit the revised policy to\n      OC, as required by the Smithsonian Financial Management Accounting\n      Policies and Procedures Handbook.\n\n   7. Direct Folkways staff to meet with OC personnel to improve the process for\n      accurately preparing CRVs and other unit generated journal entries.\n\nTo ensure that appropriate amounts are being transferred to the Central Trust Fund\nfrom Folkways, we recommend that the Under Secretary for History, Art, and\nCulture and the Under Secretary for Finance and Administration:\n\n   8. Suspend the Memorandum of Understanding, Treatment of Folkways Fund\n      420 Unit Business Activity Year-End Assets until Folkways\xe2\x80\x99 accounting records\n      accurately reflect Folkways\xe2\x80\x99 profitability as defined by the Comptroller.\n\nManagement has concurred with recommendations 1 through 8 and has planned or\ntaken corrective actions to address the recommendations. Further, management\nprovided support for completion of recommendations 7 and 8. For recommendation\n7, we verified that CFCH management and OC personnel have addressed the\naccurate preparation of CRVs and other journal entries. For recommendation 8, we\nconfirmed that management has suspended the Memorandum of Understanding\nuntil Folkways accounting records accurately reflect financial profitability. We\nbelieve that these actions meet the intent of recommendations 7 and 8. We will\nclose these recommendations effective the date of this report.\n\n\n                                         10\n\x0cSMITHSONIAN INSTITUTION                               OFFICE OF THE INSPECTOR GENERAL\n\n\nFinancial Management of the Festival Marketplace POS System Needs\nImprovement\n\nFolklife needs to improve management and oversight of the Festival\xe2\x80\x99s POS system.\nFolklife enters into agreements with vendors to provide products for the annual\nFestival. Folklife records inventories, tracks sales, and creates vendor payable\ninvoices in the POS system. In 2011, Folklife paid approximately $225,000 to\nMarketplace vendors for products on gross sales of approximately $418,000.\nFolklife management reported that this payment included approximately $7,000 for\ngoods they determined to be lost or stolen.\n\nWe also found that when Folklife sold products to Smithsonian staff after the\nFestival, there were poor controls over recording and receipt of proceeds. For\nexample, not all sales transactions were processed through the POS system and\nFolklife staff could not account for some cash receipts.\n\nAccording to Folklife management, to address these problems, they conducted the\n2012 staff sale immediately following the Festival on the Mall grounds rather than\nup to a month later. Folklife management made this change to ensure that proper\ncontrols remained in place and the POS system remained operational for the\nrecording of those sales.\n\nSD 310 states that management should establish control activities that are effective\nand efficient. In addition, Folklife practices require staff at the Festival to load\ninventory into the POS system prior to sale.\n\nPoor controls over the financial management of the Festival Marketplace activities\nwere the result of the following:\n\n   \xef\x82\xb7   Folklife does not have written policies and procedures to record inventory in\n       the POS system prior to sale. As a result, vendor invoices produced from the\n       POS system did not accurately reflect items received. We determined that\n       these vendor payments were based on inaccurate invoices. In addition,\n       Folklife did not have written procedures to close out vendor accounts at the\n       end of the Festival. Folklife staff also attributed incorrect vendor invoices to a\n       lack of training and high turnover of temporary Festival staff.\n\n   \xef\x82\xb7   Folklife management had poor oversight of post-Festival staff sales made in\n       August and September of 2011. During the audit, Folklife staff determined\n       that approximately $240 of sales to Smithsonian staff were not recorded in\n       the POS system. In addition, approximately $430 was recorded in the POS\n       system, but was not supported by a cash receipt or input in ERP.\n\n\n\n\n                                           11\n\x0cSMITHSONIAN INSTITUTION                              OFFICE OF THE INSPECTOR GENERAL\n\n\nBecause of these internal control deficiencies, Folklife may not be maximizing the\nfinancial performance of the Festival Marketplace. As a result of invoice records not\naccurately reflecting products received, Folklife is unable to determine whether it is\nreimbursing vendors for products that were lost or stolen, or paying for products\nthat it never received. In addition, Folklife\xe2\x80\x99s lack of oversight of post-Festival sales\nincreases the risk that some sales will be improperly recorded or omitted.\n\nRecommendations\n\nTo strengthen controls over the Festival POS system, we recommend that the\nDirector of CFCH:\n\n   9. Formalize and implement procedures to document incoming inventory and\n      ensure that all products are entered in the POS system prior to sale.\n\n  10. Formalize and implement inventory close-out procedures for vendor\n      accounts.\n\nManagement has concurred with recommendations 9 and 10 and has planned or\ntaken corrective actions to address the recommendations. For recommendation 9,\nCFCH management developed new procedures for documenting incoming Festival\ninventory. Based on this documentation, as well as the results of OC\xe2\x80\x99s compliance\nreview of the 2012 Festival Marketplace operations, it appears that CFCH did not\nfully implement these procedures. Therefore, this recommendation will remain open\nuntil CFCH management fully implements the procedures.\n\nFolklife did not Make Timely Cash Deposits of Sales from the Festival\nMarketplace\n\nDuring our review of the Festival Marketplace activities, we identified several\noccurrences where Folklife staff did not make daily deposits of cash and checks\nreceived from sales activity. In fact, Folklife staff waited up to 12 days to deposit\napproximately $30,000, or 39 percent of total Marketplace cash and check sales.\n\nSD 313 states that management should deposit cash daily to reduce the risk of loss\nthrough theft or carelessness. However, Folklife staff stated that competing\npriorities during the Festival prevented them from making daily deposits from\nMarketplace activities. Therefore, they kept the deposits in a safe. Based on the\nresults of our audit, for the 2012 Festival, Folklife management stated that daily\ncash and check deposits were made.\n\nBoth OC and Folklife developed Smithsonian Cash Handling Guidelines for\nConcessionaires and Marketplace Operations, which requires the Marketplace Cash\nManager to prepare daily deposit bags, but does not require daily deposits.\nHowever, OC updated the Smithsonian Guidelines for Concessionaires and\nMarketplace Operations to include the requirement for daily cash deposits and\nprovided us a copy.\n\n\n                                           12\n\x0cSMITHSONIAN INSTITUTION                               OFFICE OF THE INSPECTOR GENERAL\n\n\nRecommendations\n\nTo be consistent with SD 313, we recommend that the Comptroller:\n\n  11. Revise Smithsonian Cash Handling Guidelines for Concessionaires and\n      Marketplace Operations to include a requirement for daily cash deposits.\n\nTo mitigate the risk of loss of daily cash receipts, we recommend that the Director\nof CFCH:\n\n  12. Ensure that Festival staff make daily deposits in accordance with the revised\n      guidelines.\n\nManagement concurred with recommendations 11 and 12. For recommendation 11,\nOC has revised the Smithsonian Cash Handling Guidelines for Concessionaires and\nMarketplace Operations to include a requirement for daily cash deposits. For\nrecommendation 12, CFCH management provided evidence of daily deposits during\nthe 2012 Festival. We believe that these actions meet the intent of our\nrecommendations and we will close them effective the date of this report.\n\nCFCH Needs to Improve Management Over Financial Activities\n\nCFCH\xe2\x80\x99s key financial management staff are responsible for the majority of the\nfinancial activities, often with little supervisory review. This lack of supervision has\nled to poor segregation of duties with regards to file maintenance and cash\ndisbursement, preparation and review of journal entry, and records management.\nSD 310 states that unit directors are responsible for delegating authority that is\nconsistent with standards for proper segregation of responsibilities.\n\nWe also determined that CFCH has not identified and trained alternate staff for key\nfinancial activities when assigned staff are not present. For example, we learned of\nan incident where a financial manager was on leave for several weeks and key\nfinancial functions were not performed. Specifically, Folkways was unable to\nreconcile mail order sales processed through a third party vendor. The Office of\nPersonnel Management has recommended cross-training as an opportunity to\nprepare employees to perform key financial functions in the event of staff\nshortages.\n\nInadequate segregation of duties and lack of cross-training were the result of\nseveral factors:\n\n   \xef\x82\xb7   CFCH have limited staff assigned to financial operations. To compensate for\n       limited staff, CFCH has assigned key management staff incompatible duties.\n       For example, the Folklife financial manager has the ability to modify Festival\n       payment information and is the only person authorized to disburse\n       payments. In addition, the Folkways financial manager generates and\n       approves CRVs with no oversight.\n\n\n                                           13\n\x0cSMITHSONIAN INSTITUTION                              OFFICE OF THE INSPECTOR GENERAL\n\n\n   \xef\x82\xb7   According to CFCH staff, management has provided limited opportunities to\n       cross train the Folklife and Folkways staff. CFCH has limited written policies\n       and procedures that would allow for work to continue when key financial\n       managers are absent. For example, Folkways has assigned only one staff\n       member to manage Record Maestro. This person is responsible for\n       overseeing the input of royalty and licensing data into the royalty payment\n       system; calculating royalty payments for artists and mechanical licensees;\n       pursuing licenses for tracks on Folkways\xe2\x80\x99 recordings; and researching artists\n       that are due royalty payments.\n\nWe believe that the proper segregation of duties will help ensure the timely\ndetection of errors. In addition, the risk of lack of continuity of business increases\nwhen employees are not cross-trained to perform key business operations.\n\nRecommendations\n\nTo ensure the continuity of operations and appropriate segregation of duties, we\nrecommend that the Director of CFCH:\n\n  13. Develop and implement additional written policies and procedures for key\n      financial activities.\n\n  14. Develop cross-training plans to address potential staff turnover and absence.\n      This plan should include opportunities to cross-train staff to mitigate risks\n      caused by resource constraints.\n\nManagement has concurred with recommendations 13 and 14 and has planned\ncorrective actions to address the recommendations.\n\nCFCH is not Following Password and Payment Card Policies\n\nDuring our review of CFCH\xe2\x80\x99s accounting information systems, we determined that\nCFCH was not following Smithsonian policies as outlined in SD 309 Payment Card\nHandbook and SD 931. We found that CFCH employees were sharing one\nadministrator access user ID and password to access the POS system. This system\ncontains payment card information. In addition, CFCH\xe2\x80\x99s unit designee had neither\nattested to CFCH\xe2\x80\x99s compliance with the Smithsonian\xe2\x80\x99s payment card policy nor\nattended the annual PCI training, as required by SD 309 Payment Card Handbook.\nHowever, CFCH informed us that they sent representatives to the 2012 training.\nCFCH systems process payment cards for merchandise. The major payment card\nbrands have developed Payment Card Industry (PCI) standards for merchants and\nservice providers to prevent payment card fraud. As a merchant, the Smithsonian\nmust follow the PCI standards or face fines. The Smithsonian developed SD 309\nalong with the accompanying Payment Card Handbook to establish standards for\naccepting payment cards and securing information associated with payment card\ntransactions.\n\n\n\n\n                                           14\n\x0cSMITHSONIAN INSTITUTION                            OFFICE OF THE INSPECTOR GENERAL\n\n\nTo implement the procedures outlined in SD 309, the directive established the PCI\nWorking Group, co-chaired by senior managers from OCIO and OC, to coordinate SI\nunit compliance activities. Along with other responsibilities, the PCI Working Group\nprovides updates on compliance to Smithsonian units that are accepting or are\nconsidering accepting payment cards as a form of payment.\n\nSD 309 outlines various responsibilities regarding PCI compliance for staff\nthroughout the Smithsonian. OCIO is responsible for educating the Smithsonian\ncommunity about data security responsibilities, as well as assisting units with\nimplementing data security standards, including any required procedures such as\nvulnerability scans and periodic validation. Unit designees are responsible for\nensuring that all individuals who handle or process payment card data adhere to\nthe Smithsonian\xe2\x80\x99s Payment Card Handbook and complete an annual attestation\nstatement indicating compliance with this directive and the Smithsonian\xe2\x80\x99s Payment\nCard Handbook.\n\nIn addition, the Smithsonian\xe2\x80\x99s Payment Card Handbook states that every user must\nuse a unique user account and a personal secret password for access to\nSmithsonian information systems and networks. SD 931 also prohibits system\nadministrators from establishing group accounts controlled by a single password.\n\nFolklife staff shared one administrator user ID and password, which is the highest\nlevel of access for the POS system. The staff believed that the risk of shared access\nwas minimal because those with administrator access generally were not processing\nsales transactions. However, Folklife staff used the shared access to process post-\nFestival sales.\n\nIn addition, the PCI Working Group had not conducted a PCI Assessment of CFCH\xe2\x80\x99s\npayment card systems since 2009, which could have brought this issue to OCIO\xe2\x80\x99s\nattention. OCIO takes a risk-based approach when assessing PCI compliance, which\ngenerally focuses on larger units that accept the majority of the Smithsonian\xe2\x80\x99s\npayment card transactions.\n\nThe lack of unique user IDs and passwords prevents CFCH from having\naccountability over the POS system. During the course of our audit, Folklife staff\nconfirmed a cash transaction that was processed by someone using the shared user\nID. CFCH could not determine who processed this transaction or if the proceeds\nwere deposited into the bank. In addition, the Smithsonian is at risk of reputational\nharm should the integrity of customer payment card information be compromised.\n\nRecommendations\n\nTo improve user access controls over all of CFCH\xe2\x80\x99s payment card systems, we\nrecommend the Director of OCIO:\n\n 15. Direct the PCI Working Group to assess CFCH\xe2\x80\x99s compliance with SD 309.\n\n\n\n\n                                         15\n\x0cSMITHSONIAN INSTITUTION                          OFFICE OF THE INSPECTOR GENERAL\n\n\nWe also recommend that the Director of CFCH:\n\n 16. Comply with SD 309 and implement corrective action for deficiencies\n     identified in the PCI Working Group\xe2\x80\x99s assessment.\n\n 17. Ensure that the unit designee(s) attend the annual PCI training provided by\n     OCIO.\n\nManagement concurred with recommendations 15 through 17 and has planned or\ntaken corrective actions to address the recommendations. For recommendation 17,\nCFCH management provided evidence that the unit designee attended the annual\nPCI training. We believe that this action meets the intent of the recommendation,\nand we will close the recommendation effective the date of this report.\n\n\n\n\n                                       16\n\x0cSMITHSONIAN INSTITUTION                            OFFICE OF THE INSPECTOR GENERAL\n\n\nAPPENDIX A. SCOPE AND METHODOLOGY\n\nThe objectives of this audit were to assess whether CFCH\xe2\x80\x99s accounting information\nsystems: (1) reconcile to the Smithsonian\xe2\x80\x99s ERP system; (2) provide management\nan accurate view of CFCH\xe2\x80\x99s business activities; and (3) can be improved to increase\nefficiencies.\n\nTo accomplish our objectives, we reviewed Smithsonian directives and guidance\npertinent to financial management, especially those for unit auxiliary activities. We\nalso reviewed previous audit reports involving CFCH to identify any issues that may\nbe relevant to the current audit objectives. Further, we examined best practices\nfrom other organizations.\n\nWe evaluated the financial management controls and procedures at CFCH and\nconducted walkthrough interviews with staff to identify procedural strengths and\nweaknesses. We interviewed staff assigned to the Festival and Smithsonian\nFolkways Recordings. We also interviewed staff from the Office of the Comptroller,\nOffice of the Chief Information Officer, Office of Protection Services, Office of the\nGeneral Counsel, and the Office of Planning, Management and Budget.\n\nTo accomplish our objectives, we tested CFCH system records and transactions to\nidentify internal control strengths and weaknesses.\n\nFolklife Accounting Information Systems\n\nWe identified 585 individual participant records in the Participant Tracking System\nfor the 2011 Festival. To assess the accuracy of data maintained in this system, we\nselected a sample of 20 participant records. We traced information entered into the\nsystem to source documents and verified the accuracy of payments made to\nFestival participants. Lastly, we traced payments to the Smithsonian\xe2\x80\x99s official\naccounting system.\n\nWe reviewed the POS system that Folklife uses to record Festival Marketplace sales\nand determine vendor payments. We reviewed CFCH staff reports on Marketplace\nsales and verified that proceeds from sales were properly recorded in the POS\nsystem and ERP. We verified whether credit card transactions recorded in the POS\nsystem reconciled to the credit card company settlement reports. We reviewed the\ntimeliness of daily bank deposits of cash and check sales. We selected a sample of\n13 invoices which represented approximately 72% of the payments made to the\nvendors and traced these vendor payments to ERP. Because we selected a\njudgmental sample, we cannot project the results to the universe of vendor\npayments.\n\nWe interviewed CFCH staff that use the Far Sight system as their auxiliary\naccounting records. Because Far Sight is not used to approve or distribute funds,\ncapture sensitive personal information, reconcile financial activity to the\nSmithsonian\xe2\x80\x99s ERP, or record Folkways business activity we did not conduct testing\nof the system.\n\n\n                                            A-1\n\x0cSMITHSONIAN INSTITUTION                          OFFICE OF THE INSPECTOR GENERAL\n\n\nAPPENDIX A. SCOPE AND METHODOLOGY (continued)\n\nFolkways\xe2\x80\x99 Accounting Information Systems\n\nWe interviewed personnel from Folkways and OC regarding their methods for\ntracking and recording inventory and accounts receivable. We compared Folkways\xe2\x80\x99\ninventory accounting records to ERP as of September 30, 2011. Further, we\nreviewed Folkways\xe2\x80\x99 inventory projection report and the accounts receivable records\nfor mail order sales. Lastly, we analyzed monthly reconciliations prepared by OC\nand accounts receivable aging summary reports from the NetSuite system.\n\nWe reconciled Folkways\xe2\x80\x99 sales data to reports uploaded into the royalty payment\nsystem. We traced the sales information to verify posting to the Smithsonian\xe2\x80\x99s\nofficial accounting system. In addition, we reviewed the Office of the General\nCounsel\xe2\x80\x99s guidance regarding Folkways\xe2\x80\x99 royalties payable account. Lastly, we\nevaluated the royalties payable balance.\n\nTo verify royalty payments to artists and mechanical licensees, we selected a\njudgmental sample of 49 artist royalty payments and 10 mechanical licensee\npayments made in the second half of 2011. These payments represented\napproximately 75% of the total amount paid to artist royaltors and 93% of the total\namount paid to mechanical licensees. We reviewed supporting documentation to\ndetermine whether payments were made in accordance with contractual\nagreements and recorded sales. We also verified that there was a valid reason why\nno payments were made for certain royaltor accounts. Because we selected a\njudgmental sample, we cannot project the results to the universe of royalty\npayments.\n\nWe conducted this performance audit in Washington, D.C., from September 2011\nthrough June 2012, in accordance with generally accepted government auditing\nstandards. Those standards require that we plan and perform the audit to obtain\nsufficient, appropriate evidence to provide a reasonable basis for our findings and\nconclusions based on our audit objectives. We believe that the evidence we\nobtained provides a reasonable basis for our findings and conclusions based on our\naudit objectives.\n\n\n\n\n                                           A-2\n\x0cSMITHSONIAN INSTITUTION              OFFICE OF THE INSPECTOR GENERAL\n\n\nAPPENDIX B. MANAGEMENT\xe2\x80\x99S RESPONSE\n\n\n\n\n                               B-1\n\x0cSMITHSONIAN INSTITUTION               OFFICE OF THE INSPECTOR GENERAL\n\n\nAPPENDIX B. MANAGEMENT\xe2\x80\x99S RESPONSE (continued)\n\n\n\n\n                                B-2\n\x0cSMITHSONIAN INSTITUTION               OFFICE OF THE INSPECTOR GENERAL\n\n\nAPPENDIX B. MANAGEMENT\xe2\x80\x99S RESPONSE (continued)\n\n\n\n\n                                B-3\n\x0cSMITHSONIAN INSTITUTION               OFFICE OF THE INSPECTOR GENERAL\n\n\nAPPENDIX B. MANAGEMENT\xe2\x80\x99S RESPONSE (continued)\n\n\n\n\n                                B-4\n\x0cSMITHSONIAN INSTITUTION                                OFFICE OF THE INSPECTOR GENERAL\n\nAPPENDIX C. SCHEDULE FOR COMPLETION OF AUDIT RECOMMENDATIONS\n\n\n  Rec                                                                Target\n   #                     Recommendation                          Completion Date\n\n  Finding #1: The Folkways Profit and Loss Statement is Not Reliable\n\n   1.   Provide technical assistance to the Director of CFCH       10/31/2012\n        to determine the appropriate application of the\n        average cost method used to value Folkways\xe2\x80\x99\n        inventory.\n   2.   Develop and implement policies and procedures for           9/30/2013\n        the selected application of the inventory method.\n        These policies and procedures should include aging\n        thresholds used to write-off inventory. Ensure that\n        staff receive proper training regarding the inventory\n        method selected.\n   3.   Review and research current inventory                       9/30/2013\n        documentation to identify actual account balances.\n        If necessary, rebuild the accounts to accurately\n        reflect assets.\n   4.   Revise staff performance plans to include                  11/30/2012\n        requirements to ensure accuracy of prepared\n        financial information.\n   5.   Review and research NetSuite accounts receivable            9/30/2013\n        to identify the actual account balances. If\n        necessary, rebuild the accounts to accurately reflect\n        assets.\n   6.   Revise the Folkways Mail Order Manual to include           10/15/2012\n        policies that identify aging thresholds used to write-\n        off accounts receivable. Submit the revised policy\n        to OC, as required by the Smithsonian Financial\n        Management Accounting Policies and Procedures\n        Handbook\n   7.   Direct Folkways staff to meet with OC personnel to            Closed\n        improve the process for accurately preparing CRVs\n        and other unit generated journal entries.\n   8.   Suspend the Memorandum of Understanding,                      Closed\n        Treatment of Folkways Fund 420 Unit Business\n        Activity Year-End Assets until Folkways\xe2\x80\x99 accounting\n        records accurately reflect Folkways\xe2\x80\x99 profitability as\n        defined by the Comptroller.\n\n  Finding #2: Financial Management of the Festival Marketplace POS\n  System Needs Improvement\n\n   9.   Formalize and implement procedures to document              8/30/2013\n        incoming inventory and ensure that all products are\n        entered in the POS system prior to sale.\n  10.   Formalize and implement inventory close-out                 8/30/2013\n        procedures for vendor accounts.\n\n\n                                            C-1\n\x0cSMITHSONIAN INSTITUTION                                 OFFICE OF THE INSPECTOR\n\nAPPENDIX C. SCHEDULE FOR COMPLETION OF AUDIT RECOMMENDATIONS\n            (continued)\n\n\n  Rec                                                              Target\n   #                   Recommendation                          Completion Date\n\n  Finding #3: Folklife did not Make Timely Cash Deposits of Sales from\n  the Festival Marketplace\n\n  11.   Revise Smithsonian Cash Handling Guidelines for             Closed\n        Concessionaires and Marketplace Operations to\n        include a requirement for daily cash deposits.\n  12.   Ensure that Festival staff make daily deposits in           Closed\n        accordance with the revised guidelines.\n\n  Finding #4: CFCH Needs to Improve Management Over Financial\n  Activities\n\n  13.   Develop and implement additional written policies          9/1/2013\n        and procedures for key financial activities.\n  14.   Develop cross-training plans to address potential          9/1/2013\n        staff turnover and absence. This plan should\n        include opportunities to cross-train staff to\n        mitigate risks caused by resource constraints.\n\n  Finding #5: CFCH is not Following Password and Payment Card\n  Policies\n\n  15.   Direct the PCI Working Group to assess CFCH\xe2\x80\x99s             10/31/2012\n        compliance with SD 309.\n  16.   Comply with SD 309 and implement corrective               12/14/2012\n        action for deficiencies identified in the PCI\n        Working Group\xe2\x80\x99s assessment.\n  17.   Ensure that the unit designee(s) attend the                 Closed\n        annual PCI training provided by OCIO.\n\n\n\n\n                                           C-2\n\x0cSMITHSONIAN INSTITUTION                          OFFICE OF THE INSPECTOR GENERAL\n\nAPPENDIX D. CONTRIBUTORS TO REPORT\n\nThe following individuals from the Smithsonian Office of the Inspector General\ncontributed to this report:\n\nJoan Mockeridge, Supervisory Auditor\nKimm A. Richards, Senior Management Analyst\nJoseph E. Benham, Auditor\nElsy Woodill, Auditor\n\n\n\n\n                                        D-1\n\x0c"